libwebp-1.0.0-5.el8
エラータID: AXSA:2021-2754:03
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
* libwebp: out-of-bounds read in WebPMuxCreateInternal (CVE-2018-25009)
* libwebp: out-of-bounds read in ApplyFilter() (CVE-2018-25010)
* libwebp: out-of-bounds read in WebPMuxCreateInternal() (CVE-2018-25012)
* libwebp: out-of-bounds read in ShiftBytes() (CVE-2018-25013)
* libwebp: use of uninitialized value in ReadSymbol() (CVE-2018-25014)
* libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c (CVE-2020-36330)
* libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c (CVE-2020-36331)
* libwebp: excessive memory allocation when reading a file (CVE-2020-36332)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2018-25009
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.
CVE-2018-25010
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability.
CVE-2018-25012
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.
CVE-2018-25013
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability.
CVE-2018-25014
A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-36330
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
CVE-2020-36331
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
CVE-2020-36332
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
Update packages.
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability.
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability.
A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
N/A
SRPMS
- libwebp-1.0.0-5.el8.src.rpm
MD5: bda1672f05230eb6e43abc5607f23292
SHA-256: 10887cca85feecc19f41230163a127eb4c16cfd050a2af0905af089cbd7b8608
Size: 3.86 MB
Asianux Server 8 for x86_64
- libwebp-1.0.0-5.el8.x86_64.rpm
MD5: 416185ea02af719329e865a3c5ea50e0
SHA-256: 1409fb24dd80fb6ae03cd44b12477469e60c54326fb69f394cc5098faa9cb90d
Size: 271.44 kB - libwebp-devel-1.0.0-5.el8.x86_64.rpm
MD5: 6ae1d2425dd1bbf425c3cc8cdeca376b
SHA-256: 98fc76ac5fa1195b51449c4e970569d3467e45e5c71b0b8eb534f38402cbcecb
Size: 36.22 kB - libwebp-1.0.0-5.el8.i686.rpm
MD5: 4ff741b9f1b17b243c864593683982ae
SHA-256: c3d8ea561280a099e234a4aa6bb0c23c530993cd5f6b26dac538424f9594cdaf
Size: 291.64 kB - libwebp-devel-1.0.0-5.el8.i686.rpm
MD5: 7e598ed3a37d8bd775ddef8c52d94b33
SHA-256: 9c4fa802f92def311f351e8b26c1ab2c6fe23506494d9ee89cc0f9aa42bfd061
Size: 36.22 kB